The invention relates to a setting information distribution apparatus, method, program, and medium, an authentication setting transfer apparatus, method, program, and medium, and a setting information reception program.
In recent years, with an increase in various networks that are represented by an IMT-2000 system and a wireless LAN and the spread of information user terminals such as a personal computer (hereinafter referred to as “PC”) having a radio communication function or a personal digital assistance (hereinafter referred to as “PDA”), environments where various services can be used by connection with a network anytime and anywhere are being improved.
The networks and services are run by a plurality of provider domains and systems, and a user contracts with each provider and uses various services. It is general to remotely access to a private network such as an enterprise network from the network having a public wireless LAN by using such environments.
An increase in crimes using the networks such as spoofing or eavesdropping is apprehended simultaneously with the expansion of the users using a service over a network, with the result that the users themselves are required to perform the security measures. As the security measures, it is general that detection application (program or program product) as a virus/worm measure is installed into a user terminal that is connected to the network. It is also general that a fire wall as an intrusion measure, an encryption application as a tapping measure, and an authentication function are installed into the user terminal. Moreover, the network side in turn encrypts radio signals in consideration of the security between users in public wireless LAN, etc.
However, in the security measures, since the user himself/herself needs to perform setup of various tools, updating of a virus definition, or the like, the operation error is liable to occur. In particular, in the mobile environments, it is also necessary that the encryption key of a wireless LAN be changed or IP addresses of a DNS, a gateway, a proxy, and the like be changed by the terminal itself, and in the change, the operation error is also liable to occur. In the current situation, the security problem adversely affects the mobile environments in that not only the security of the user himself cannot be maintained, but also a damage induced from the virus or the worm is expanded to the network side which offers a service. In the future, the technology and the operation technique for maintaining high security with the enhancement of the user's convenience are requested in the mobile environments that continues to develop widely.
(1) In the wireless LAN which has been developed as one of the access networks, as a technique in which the encryption key setup is automated and the access control of the user is conducted, there is a system using IEEE 802.1x (Network Port Authentication) which is a standard of measure. This is an access control technology that is implemented in a wireless LAN access point or a switch by which the network authenticates the user who has accessed the network by the user authenticator of an ID or an electronic certificate, and only the authorized user is allowed to use the wireless LAN service. Moreover, high security operation can be performed by distributing and updating the encryption key (WEP) of a wireless LAN simultaneously. However, since an encryption algorithm of WEP is vulnerable, and a tool which decrypts the encryption algorithm can be easily obtained, it is very dangerous to use WEP. Although the security function containing IEEE 802.1x is standardized as IEEE 802.11i and a robust encryption algorithm is adopted now, it takes time to spread the encryption algorithm.
(2) Moreover, in order to use the wireless LAN, the user himself/herself is required to set up the access ID (SSID) for distinguishing a wireless LAN network which is different in organization units such as providers. Similarly, user identifiers in turn differ for every organization. Since various kinds of setup by the user is required, while lowering convenience, there is a tendency for a user to set up the same user identifier and the same password easily. Therefore, many setups of the user terminal which is not desirable on security exist potentially. Moreover, SSID can be freely set up by the owner of a wireless LAN access point, and it is possible to readily perform spoofing, with the result that it is very dangerous to use SSID.
In order to eliminate the lowness of the convenience in that the user himself/herself sets SSID to a user terminal for every providers, there is a service in which all access IDs (SSIDs) of the affiliated public wireless LAN services are merged, and a setting list is distributed to a mobile user terminal in advance. In iPass and GRIC which are carrying out a roaming service worldwide, the setting list is held in a connection tool, and during connection with the network, the setting list can be updated automatically. However, more loads are placed on a memory medium of the mobile user terminal, which stores the information of the user terminal, as the number of affiliated services increases. Moreover, because the loads are in turn placed on a server that performs centralized management of the setting lists for automatically updating, considerable management costs are required.
(3) Moreover, in order to use the service by connection with a network, it is necessary to acquire the IP address, DNS server address, gateway address, etc. of the user terminal. As a technique that automates the setup and dynamically distributes the setup, there is DHCP (dynamic host configuration protocol) specified by RFC2131 which is a standard of measure. However, there is no security measures in DHCP, and a malicious user connected with the same subnet can spoof as the DHCP server and distribute an incorrect setup to the user.
Furthermore, in order for a web browser to access a web server, a Mail server, an FTP server, etc. on the Internet or intranet, the web browser may have to go via a proxy server. A proxy server is used to cache a request for accessing the Web server and its response thereto, transfer the request from a large number of clients efficiently, and control the access to the Internet. Since a proxy server is used with various structures according to a setup of a network, a method of load distribution, or the like, it is not easy to set up the network completely according to the situation for every organization. There is WPAD (web proxy auto-discovery protocol) as a technique that automates the setup and dynamically distributes the setup. However, since there is no security measures in WPAD and access by DHCP or DNS is included in the automatic setup, an incorrect setup can be distributed to the user through the spoofing DHC server.
If the mail server or web server to which the user accesses has adopted security of SSL, the possibility of inaccurate relay or tapping by a wireless LAN becomes low, allowing the safe use of a service. However, both of all servers and clients need to comply with those measures, and time is required for perfect spread due to the required costs.
(4) Usually, the mail server or the web server accessed by the user are arranged in networks of an enterprise or a provider which the user made a contract of. In the case where the entire network or an area where the mail server or the web server is located is secure, there is a system using (i) a virtual private network specified by RFC2764 (A Framework for IP Based Virtual Private Networks) which is a standard of measure as a technique that safely accesses a secure area of the network from a network different from the network, and (ii) IPsec specified by RFC2401 (security architecture for the Internet protocol) as a technique that executes the encryption and authentication for guaranteeing the confidentiality and safety of an IP packet, or (iii) IKE specified by RFC2409 (the Internet key exchange) as a key exchange technology for encryption. The application which combines those techniques together is put into a gateway server, which is put at the entrance to a secure area of the network, and the user terminal to thereby realize the access control by user authentication and the safe access to the secure area of the network from the network by encryption of communication information. However, since the user himself/herself is required to set up the IP addresses of the gateway server and the related proxy server, high convenience cannot be obtained.
(5) Moreover, before establishing the secure communication by IPsec, encryption key exchange is performed by IKE. Although the gateway server of the network authenticates the user requesting for the key exchange, since managing agencies differ from each other, the user identifier used for the user authentication at the time of accessing the network generally differs from the user identifier used for the user authentication at the time of connecting with the network. Therefore, a user has to manage at least two or more user identifiers, and convenience becomes low. Moreover, all the users low in security consciousness set up the same user identifier and the same password, and reduce the security of the network.
In this example, when the user authentication is performed by using PKI (public key infrastructure) which is a robust user authentication technology, a damage derived from the leakage of a password can be eliminated. However, even though the same user authenticator is used for the access authentication of an external network and the access authentication to a network, since the same authentication processing is repeated, it takes time to establish the secure communication, and convenience becomes low.
(6) On the other hand, in the iPass which carries out the roaming service, a certain affiliated network is accessed by using one user authenticator (for example, ID/password of the network) among the networks which contain the network a contract of which was made, the user authenticator is roamed, the authentication server of the network which manages the user authenticator makes the authentication authorization, and it is possible to further execute the collective authentication authorization processing and encryption key distribution which is cooperated with the gateway server of the network. However, a specific protocol for gateway servers is used for cooperation between the authentication server of the network and the gateway server. Moreover, the cooperation is restricted to the domain and the system of the same provider. There is no flexibility that can perform an automatic setup safely with respect to the services that are conducted by various providers and systems.
FIG. 22 is a diagram for explaining a method that conducts a remote access to a network of an enterprise which is different in the management unit from the network such as the public wireless LAN from the network of the public wireless LAN in accordance with a conventional art.
The network 102 shown in FIG. 22 is a network 102 that is represented by a public wireless LAN, and a network connection service is offered by the provider. The network 102 is connected to the Internet or the like. Moreover, the public wireless LAN is a communication network of a domain limitation which is built by a wireless LAN or the like, and which is, for example, the network 102 built by the wireless LAN or the like in the office building of a store or an enterprise. Therefore, although the public wireless LAN is under the service of a mobile communication provider, a store or an enterprise makes a contract with the mobile communication provider, and the public wireless LAN is limited in the office building of the store or the enterprise.
Up to now, as shown in FIG. 22, communication providers such as an Internet service provider (ISP) manage the public wireless LAN service and offer the network connection service to the Internet or the like. A DHCP server 104 which distributes the IP addresses of various servers, etc., is installed in ISP. Moreover, a gateway like an IPsec gateway server 108 for accessing a network from the Internet, etc., is installed in the network of an enterprise or the like which is the private network 106. Moreover, a roaming authentication server 112 for roaming a plurality of ISP and performing network access authentication to the public wireless LAN service by one ID/password which is managed by, for example, an enterprise is installed in the roaming network provider (RSP) that is the roaming network 110 such as iPass. Hereafter, a description will be given of a sequence shown in FIG. 23 in a procedure in which the user terminal 114 safely makes access connection to the network of an enterprise or the like safely through the Internet from the public wireless LAN with reference to FIG. 22.
<Connection of Network Link (Layer 2, Data Link): Vulnerability of Encryption Algorithm>
First, a user sets SSID which is the identifier of the public wireless LAN service that has been registered in advance in the user terminal 114 ((2) of FIG. 22), SSID contained in a beacon that is sent from a wireless LAN access point is detected and selected, and network access authentication is started ((3) of FIG. 22). The wireless LAN access point 116 intercepts the communication from the user terminal 114 temporarily, receives the authentication information from the user terminal 114, and validates service use of the user terminal 114 to the ISP authentication server 118 inside ISP ((4) and (5) of FIG. 22). If the user terminal 114 is a roaming user at this time, a roaming authentication request is issued to an enterprise network via RSP, and authentication is conducted by the enterprise authentication server 120 of an enterprise ((6) to (9) of FIG. 22)). If an authentication result is good, the wireless LAN access point 116 releases a network link to the user who has intercepted ((10) to (13) of FIG. 22). Although the data that flows in the link of the wireless LAN is encrypted by WEP, since the encryption algorithm is vulnerable, tapping is possible and the authentication is not safe as security.
<Connection of IP Network: Spoofing>
Next, when the user terminal 114 has completely connected the network link, the user terminal 114 issues a request for acquiring a LAN setting containing IP addresses of the user terminal 114, a DNS server, a gateway which makes connection with the Internet, and the like to the DHCP server 104, and receives a LAN setting ((14) of FIG. 22). The user is not required to designate the IP address of the DHCP server 104 itself and so on in advance. Therefore, when an apparatus which spoofs as the DHC server 104 exists within the same public wireless LAN, tapping, service disturbance, etc. by fraudulent relay are attained, and security cannot be ensured.
<User's Convenience>
Further, in order to begin the secure communication by IPsec to the IP address of the gateway server of a network set to the user terminal 114 in advance, an IKE procedure which is key exchange is started. User authentication for key exchange may be performed in the IKE procedure. Although the IKE itself is a secure protocol, there are a number of procedures for starting a service safely from network access, and the convenience of the user until actually starting a service safely is spoiled. Moreover, in the service offered by the iPass or the like, it is possible for an authentication server and a gateway server to cooperate simultaneously with authentication of network access, and to perform key distribution. However, it is not assumed that the continuous authentication and an automatic setup of a service by two or more providers are conducted prior to starting secure communication with the network. For example, when another independent network 102 has the home agent server of a mobile IP service and the SIP server for a VoIP service, it is not assumed to make all authentications cooperate. In view of this matter, the flexibility of the conventional art is low.
Further, the following is a technique for automatically setting up a known terminal, but such a technique does not solve the problems.
Patent document 1 relates to an address setting method and apparatus. The patent document discloses an IP address automatic setting system to the terminal for an arbitrary MAC address.
[Patent Document 1] JP 11-234342 A
In the conventional system as mentioned above, since the service start procedure of the networks different in the management unit of the providers cannot cooperate with each other, the convenience to the user who wants to use a service safely and early is far from being high. In particular, in order to safely distribute the setup of various services to a user terminal, a measure of establishing a secure route between the user terminal and the respective providers is required. The procedure becomes complicated also in this case, and therefore a user's convenience is spoiled.